Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption EU Privacy Security

Security Experts Say New EU Rules Will Damage WhatsApp Encryption (theverge.com) 169

Corin Faife writes via The Verge: On March 24th, EU governing bodies announced that they had reached a deal on the most sweeping legislation to target Big Tech in Europe, known as the Digital Markets Act (DMA). Seen as an ambitious law with far-reaching implications, the most eye-catching measure in the bill would require that every large tech company -- defined as having a market capitalization of more than 75 billion euros or a user base of more than 45 million people in the EU -- create products that are interoperable with smaller platforms. For messaging apps, that would mean letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS -- which security experts worry will undermine hard-won gains in the field of message encryption.

The main focus of the DMA is a class of large tech companies termed "gatekeepers," defined by the size of their audience or revenue and, by extension, the structural power they are able to wield against smaller competitors. Through the new regulations, the government is hoping to "break open" some of the services provided by such companies to allow smaller businesses to compete. That could mean letting users install third-party apps outside of the App Store, letting outside sellers rank higher in Amazon searches, or requiring messaging apps to send texts across multiple protocols. But this could pose a real problem for services promising end-to-end encryption: the consensus among cryptographers is that it will be difficult, if not impossible, to maintain encryption between apps, with potentially enormous implications for users.

Signal is small enough that it wouldn't be affected by the DMA provisions, but WhatsApp -- which uses the Signal protocol and is owned by Meta -- certainly would be. The result could be that some, if not all, of WhatsApp's end-to-end messaging encryption is weakened or removed, robbing a billion users of the protections of private messaging. Given the need for precise implementation of cryptographic standards, experts say that there's no simple fix that can reconcile security and interoperability for encrypted messaging services. Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.

This discussion has been archived. No new comments can be posted.

Security Experts Say New EU Rules Will Damage WhatsApp Encryption

Comments Filter:
  • Real user choice would be to allow the user to decide if they want interoperability, side loading, etc. As part of the settings, have a toggle that lets you turn off features you don't want, such as interoperability. That would allow users that value security to continue as is while allowing others to make a different choice. You could have them set as OFF and a popup ask you if you want to enable them when you first launch an app.
    • by dgatwood ( 11270 )

      Real user choice would be to allow the user to decide if they want interoperability, side loading, etc. As part of the settings, have a toggle that lets you turn off features you don't want, such as interoperability. That would allow users that value security to continue as is while allowing others to make a different choice. You could have them set as OFF and a popup ask you if you want to enable them when you first launch an app.

      Yes, though a better approach would be to make it visually obvious, such as all unencrypted recipients appearing with a red background, so that you know instantly that your communication with that person is not secure, along with a warning message when you add that person to a group chat, and notification to everyone in the group chat that future communication will not be secure.

      Either way, the only reason security is even an issue is because these companies don't actually care about their users' privacy.

      • Real user choice would be to allow the user to decide if they want interoperability, side loading, etc. As part of the settings, have a toggle that lets you turn off features you don't want, such as interoperability. That would allow users that value security to continue as is while allowing others to make a different choice. You could have them set as OFF and a popup ask you if you want to enable them when you first launch an app.

        Yes, though a better approach would be to make it visually obvious, such as all unencrypted recipients appearing with a red background, so that you know instantly that your communication with that person is not secure, along with a warning message when you add that person to a group chat, and notification to everyone in the group chat that future communication will not be secure.

        You could do that and still allow users to chose whether or not they wanted to allow interoperability. It isn't an either or situation but a chance to satisfy both camps.

        Sorry, but forcing their hands is the right call.

        Only to the extent a user is still given a choice whether or not they want it. if enough choose to allow it then it'll be teh way of teh future, if not, it's clear users didn't want it. Government should give users teh chance to make teh choice, not dictate it.

      • Apple has no replacement for SMS, unless you mean iMessage, which obviously only works from Apple to Apple, and most users have it disabled as it does not work reliable cross devices.

        • by dgatwood ( 11270 )

          Apple has no replacement for SMS, unless you mean iMessage, which obviously only works from Apple to Apple, and most users have it disabled as it does not work reliable cross devices.

          Yes, iMessage is exactly what I mean. And I don't know anyone who has disabled iMessage (and I know a *lot* of iOS users), so I question your conclusion that most users disable it.

  • "create products that are interoperable with smaller platforms. For messaging apps, that would mean letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS -- which security experts worry will undermine hard-won gains in the field of message encryption."

    Yeah, or for gaming, this means that PS5 owners should be able to play every indy PC game by tomorrow, right?

    Come on. Comparing SMS to WhatsApp is like comparing Grandpappy's musket to an M-16. Much like my example above, not everything is going to be magically "interoperable" by passing this bill. If I need to travel across an ocean, I don't look for a car to do it.

    This law, isn't about interoperability. It's about banning encryption.

    • I saw that sentence as a major red flag of lobbying group disinformation, it's absurd - but they want to fool you into believing this:

      This law, isn't about interoperability. It's about banning encryption.

      From what I've seen the law really is about interoperability, but industry groups likely want to fool users to believe it's about banning encryption so that they'll oppose a law that poses a threat to their walled gardens.

      What allowing access to WhatsApp would actually mean would be just publishing some API details to allow other clients to log in, like back in the days when

      • by AmiMoJo ( 196126 )

        Yep. WhatsApp uses the Signal protocol. It's open source, and interoperability does not impact it in the slightest.

    • by DarkOx ( 621550 )

      I don't know how old you are but most our grandpappy's would have probably been using an M1 and for the younger folks here grandpappy might have carried an M-14.

      Either have a lot more in common with an M-15 than a musket.

    • Maybe - although Signal offers an example of what they (might) be going on about - even though they aren't affected by the law.

      The Signal phone app can approximately replace your SMS app - it'll send SMS to people that don't have Signal, or else encrypt and send over the Signal network if they do. That looks like operability to me - one thing works with two networks.

      If Whatsapp let (say) Pidgin have a Whatsapp plugin (possibly even a proprietary one), then that too might qualify as "interoperability" - I no

      • How are you thinking that a proprietary plug-in is somehow less trouble than the app? They control the code either way

        • Sure - but the data that gets leaked is at the control of Pidgin. If Pidgin doesn't (say) give contacts, or GPS, then Whatsapp/Facebook/Meta can't get their hands on it.

          I agree it's hardly a panacea, and anything can be abused, but even a proprietary plugin would be better than what we have today. An open source plugin better still, and the complete destruction of Whatsapp the best of all. I'll take whatever I can get ;-)

      • by AmiMoJo ( 196126 )

        WhatsApp actually uses the Signal protocol. They just don't allow the WhatsApp servers and the Signal servers to talk, or for any third party clients to connect.

        • by Octorian ( 14086 )

          The E2EE protocol is the same, but the rest of the protocol is completely different.
          Its all layered, so think of it like two completely different chat protocols that just happen to generate the binary blob of ciphertext inside their respective message objects the same way.

    • by vyvepe ( 809573 )

      This law, isn't about interoperability. It's about banning encryption.

      Nonsense. There is no problem with interoperable end to end encryption. They just need to document the protocol. They may release some libraries if they want to be very nice.

    • Or WhatsApp could just implement an RCS client and give you a notification of visual cue that you're not using the WhatsApp backend when you message that person. Kind of like Apple's been doing for a decade with the "green bubble". Make it red with yellow stripes with a bit of text at the top of the message chain saying that this conversation isn't encrypted.

      Problem solved. Except on iOS where the only possible SMS / MMS client is iMessage until this law forces Apple to remove that unnecessary brick wall

      • Problem solved. Except on iOS where the only possible SMS / MMS client is iMessage until this law forces Apple to remove that unnecessary brick wall.
        And on other platforms you can vane non vendor provided SMS/MMS apps? Never heard about that. And why would anyone want that?

  • Am I hearing "if we regulate Big Tech, we are going to lose security"? Sorry, not buying that.

    First - if Whatsapp displayed unsecure SMS messages in RED and asked before sending them, I don't see a security issue. Second - where there's a will, there's a way. Doesn't the article mention that WhatsApp actually uses the Signal protocol?

    • Am I hearing "if we regulate Big Tech, we are going to lose security"? Sorry, not buying that.

      As with all these regulations it depends on the details. Sure, the GDPR and California laws on disclosure of leaks have lead to massive increases in security. On the other hand, the recent story about insecure mobile network systems left behind in Russia [slashdot.org] is entirely caused by government regulators in the US and Europe requiring access to communications.

      First - if Whatsapp displayed unsecure SMS messages in RED and asked before sending them, I don't see a security issue. Second - where there's a will, there's a way. Doesn't the article mention that WhatsApp actually uses the Signal protocol?

      Using red for SMSs which are unencrypted would be clear. However, what if Whatsapp has to send to Google chat or one of the Apple messaging protocols which i

      • However, what if Whatsapp has to send to Google chat or one of the Apple messaging protocols which is less secure because it's integrated with a picture scanning system?

        This doesn't seem particularly complicated. Apple's iMessages already shows user of its own service in one color, and SMS users in another. Other systems might do something similar. Messages are sent within the service itself, one color. Sent to another service with E2E encryption, a slightly different shade of the same color and tiny bubble icon or whatever indicative of the protocol used. Sent to another service without encryption, such as plain-text SMS, or with MITM-only encryption, such as standard Tel

        • "blue" = same protocol and encrypted
          "green" = different protocol but still encrypted
          "orange or red" = not encrypted

          I'd rather see green/yellow/red, though, like traffic lights.

          There's also people with colour blindness to take into account.

      • by pjt33 ( 739471 )

        As with all these regulations it depends on the details.

        I'm looking at the actual text of the proposed legislation [europa.eu], and I can't see what it has to do with messaging systems supporting SMS at all. The core is Article 5:

        In respect of each of its core platform services identified pursuant to Article 3(7), a gatekeeper shall:

        (a) refrain from combining personal data sourced from these core platform services with personal data from any other services offered by the gatekeeper or with personal data from third-part

        • Note that this explicitly says that any services of a gatekeeper have to be available. This would include WhatsApp because Facebook also has business relations in other services. How about this bit of the DMA [europa.eu] (N.B. for the whole thing tl;dr, but to be sure whats in there you would have to go through it all, preferably with a team of lawyers):

          Business users that use large core platform services provided by gatekeepers and end users of such business users provide and generate a vast amount of data, including

          • by pjt33 ( 739471 )

            I'm not sure exactly what metadata you have in mind. The actual article text which relates to that recital is 6(i):

            provide business users, or third parties authorised by a business user, free of charge, with effective, high-quality, continuous and real-time access and use of aggregated or non-aggregated data, that is provided for or generated in the context of the use of the relevant core platform services by those business users and the end users engaging with the products or services provided by those bus

          • by AmiMoJo ( 196126 )

            They are talking about third party apps that use the WhatsApp network. They are saying that Facebook can't sabotage them by providing less access to the user's data than they themselves have.

            There is no security or privacy risk here. In fact it could be a major gain for users, as they could choose to use an app that doesn't report so much metadata back to Facebook. It also makes it easier for them to switch to other networks, because they don't have to convince all their friends to.

            Banks in the UK do someth

            • There is no security or privacy risk here. In fact it could be a major gain for users, as they could choose to use an app that doesn't report so much metadata back to Facebook. It also makes it easier for them to switch to other networks, because they don't have to convince all their friends to.

              Before - one company might leak my data. After - ten companies, each of which got the data during some connection with another user - is able to leak my data. I just simply don't agree that, by default that isn't worse security. Definitely, this regulation can improve security if done right. Instead of the clause that data should be available equally to all companies, there should be a clause that each provider should only share the data that's actually needed for a transaction and ensure that they don't, t

              • by AmiMoJo ( 196126 )

                In Europe the GDPR will prevent 10 companies getting your data.

                • If the company is involved in the billing of a communication interaction, even just potentially, that comes under "special purposes" and allows them to get (and thus, under this regulation demand) the information. It's true that they then should have very limited use of that data, however the worry isn't legitimate use, but instead that the data is in multiple databases and more likely to be compromised. The GDPR is good, but it's also practical and so can't be perfect for privacy.

    • by torkus ( 1133985 )

      Imagine if...signal was an open standard that could be implemented by multiple vendors!!!

      Interoperability *could* be a security issue if you don't have security and encryption standards associated with your communication protocol(s). That just means a robust protocol instead of security through obscurity (and we "promise") that plenty of platforms use.

      But vendors crying "omg insecure SMS" is nothing but a straw man. Of course it is. Congrats and thank you for reminding the world. Now how about we secure

  • If whatsapp is forced to be more interoperable, it might actually finally let smaller actors like Signal to become more popular, and allow many of us for whom whatapp is "mandatory evil" kind of a thing to use because most people use it so we have to as well can finally uninstall the damn thing and stick to Signal and Telegram that will likely be interoperable with basic messaging features of whatsapp.

    Whatsapp's "end to end encrypted chat, and yes we have all the keys and we scan your discussions and even c

    • When I see them undo all those facebook-manipulated referendums and votes then I'll believe it. Till then - who gives a fuck indeed.

    • by DarkOx ( 621550 )

      Reality is that will be a security disaster. The biggest problem with most of these messaging apps, is opsec. Even iMessage is probably secure enough that from a pure signit perspective its unlikely anyone will get enough information directly to even go to Apple for the additional meta data detail they can provide.

      Its all the things people do with the message, decisions they make about backups, leaving their unlocked devices out in the open etc, that will undo your confidentiality. Short version is

      • by Luckyo ( 1726890 )

        >The biggest problem with most of these messaging apps, is opsec.

        Let's test this claim against reality. If the biggest problem with messaging apps is opsec, than the app that offers the best opsec would also be the most popular.

        So something like Line, Silence, or Threema.

        And if there's a solution addressing "the biggest problem with most of these messaging apps", people would be flocking to these existing solutions. Yet they aren't.

        Ergo, it's not "the biggest problem", or even a "major problem". Arguably

  • It seems to me that WhatsApp would have to shut off encryption only for messages to/from other messaging systems. This is reasonable if the user understands that it's the price of interoperability. Signal does something similar already.

    • by necro81 ( 917438 )

      This is reasonable if the user understands that it's the price of interoperability

      The key thing is "if the user understands". The Eternal September indicates that most people are, in fact, stupid and clueless when it comes to technology. (This includes policy makers.)

      To quote George Carlin: "Think of how stupid the average person is, and realize half of them are stupider than that."

      • To quote George Carlin: "Think of how stupid the average person is, and realize half of them are stupider than that."

        In general this is wrong. He would be correct though if he were talking about the median [wikipedia.org] person.

        • Your confusing "average" with "mean".

          Average can mean mean, it can mean medium, and rarely it can mean mode.

          For instance when we say "Average monthly income", we measure that with medium, the point which half are under, and half are over. That can be a useful correction when you have a distribution thats kinda all over the place.

          IQ generally is indeed measured as a mean, however in principle its designed so that its a very bell like distribution meaning that the medium and the mean are pretty close. Althoug

          • For reference, 160 would be someone like Einstein, not l33tGamer420 on reddit.
            Gosh, I have to kick that guy from my friend list.

        • by necro81 ( 917438 )

          To quote George Carlin: "Think of how stupid the average person is, and realize half of them are stupider than that."

          In general this is wrong. He would be correct though if he were talking about the median person.

          You are correct - "median" is the more correct term for the joke that Carlin was trying to make.

          On the other hand, Carlin was a comedian, not a statistician. If he'd used "median" instead of "average", a large number in the audience wouldn't get the joke, because they'd be ignorant of wha

    • Basically we need the equivalent of an SSL standard for encrypted messaging. Then interoperability would come via adopting the same standard, as happens with SSL. Still, it would make things easier for bad actors.

    • by idji ( 984038 )
      Why would they have to shut off encryption at all? The two users can do secure key generation and exchange even across an unsecured connection and establish their own secure connection. This is not rocket science, this is standard.
    • Because they offer bad solutions, and expect the worst out of companies. From the article...

      "Making different messaging services compatible can lead to a lowest common denominator approach to design, Bellovin says, in which the unique features that made certain apps valuable to users are stripped back until a shared level of compatibility is reached. For example, if one app supports encrypted multi-party communication and another does not, maintaining communications between them would usually require that

    • But that isn't what is asked for. What is asked for it that other apps can implement WhatsApp messaging, including encryption, not bridging to other less secure systems. The vendors are deliberately misrepresenting the law to defeat it as a strawman.

  • Interoperability means documenting your protocol and allowing other people to use it. WhatsApp is already based on the Signal protocol, but has some additional proprietary requirements that prevent Signal users from conversing with WhatsApp users.

    This law would allow me to create a client that insecurely mixes SMS and WhatsApp. Nothing in the law compels WhatsApp to make their own client insecure or to support SMS in their own client

    • Someone mod this ^ up.

      XMPP with OMEMO [1] is an example of that. I use 5 different clients on 2 different domains running different software, all is e2e encrypted, because: documented agreed upon protocol.
      Now, OMEMO still has its issues, but that is being worked on.

      Matrix might have a similar feature in the protocol. I don't know enough about that.

      In fact, this might help e2e encryption, because 3rd party clients might choose to ignore "reencrypt with this new key" commands (which whatsapp has)

      [1] https://x [xmpp.org]

      • by Octorian ( 14086 )

        What makes E2EE hard to get right, isn't just the success path (which I'm sure OMEMO has already figured out). Its how you deal with all those obscure corner cases and failure modes, and whether you do it in a way that keeps the product usable by normal everyday people.

        There are decisions to make when doing this, and sometimes the "most strictly secure" choice isn't the "most usable choice". So there are middle grounds, key change notifications, etc.

  • This is just FUD ahead of implementing the DMA.

    But, very problem has a solution.
    I invite everyone on Slashdot to post possible solutions.

    Two I can think of in seconds:

    1
    Part of interoperability could be agreement about a shared security/privacy/encryption protocol.
    With the advantage that Meta/Facebook is not able to snoop on all WhatsApp messages anymore (which they can do now).

    2
    Every messenger app shows whether the message is certain to be properly encrypted end2end (ie between two Signal clients) or not (i

    • Like what happens in iMessage. Blue bubble if the message is going over the iMessage network, green bubble if it is going over the SMS network.

      • by shilly ( 142940 )

        That's great for messages you receive. But interoperability means you can't be sure that the message you *send* is opened in a sufficiently secure client by the other party. Instead of opening it in Snapchat, they open it in WhatsApp. Or more sharply, instead of opening the message about the patient's condition from their clinical colleague in Epic Secure Chat, they open it in WhatsApp.

  • by Bert64 ( 520050 )

    Interoperability does not mean broken encryption...

    SSL has multiple interoperable implementations.
    SSH has multiple interoperable implementations.
    PGP has multiple interoperable implementations.

    This is just propaganda, telling lies to convince people that interoperability is a bad thing.

  • Then do the not simple fix. Anything that keeps users locked into chat apps based on what their friends use is unsustainable. Note that you do not have to offer insecure protocols. You just need to make sure others can interact with your users. If you won't come up with a secure interoperable protocol, then someone else will and you'll be relegated to implementing theirs.
  • Can almost see the flood of tears and "what about the children" crying comming from apple if they would have to open facetime and the imessage systems up for others. And god forbid they would allow anyone to bypass the appstore! Anyway. i really dont think it would compromise security any more than it already is. The weak link is always the handset and if that is compromised. And keeping the appstore closed have not really helped that much has it?
  • Signal is exempt. Only affects huge megacorps. Encrypted messaging will still exist within whatsapp. I don't see the problem
  • What a beat-up from the Verge. Of course interoperability won't work with what these companies currently use, yes there are many incompatible encryption methods. So, the companies have to get together and work out a common methodology. We already use common protocols for interoperability - the Internet Protocol for example. This won't be easy-peasy but not insurmountable technically. The difficulty will be getting these players to be honest participants.
  • by chill ( 34294 )

    Signal already interoperates with SMS as well as plain telephony. If Signal to Signal, encrypted, if not, not and it lets you know. What's the problem?

    • Signal can send unencrypted SMS messages

      Signal can send end to end encrypted messages to other Signal users

      Signal can send end to end encrypted and authenticated messages to other Signal users that you have shared safety numbers with

      Signal and WhatsApp should mostly be able to work with each other at the middle level of security. I'm sure both Signal and WhatsApp though will implement new features like how they do video calls that will break compatibility. You really can't have innovation if you don
    • by Octorian ( 14086 )

      Is this actual interoperability? Or is it just "the Signal app can use the phone's SMS APIs" (and guess what? So can FB Messenger). I've seen no reason to not assume its the latter.

  • Europe: Quick beef up your security, the Russians are coming
    Also Europe: Stop using strong end-to-end encryption
  • ... like in Telegram (not "compulsory in all chats": this issues with EU legislation will not exists this way...)
  • letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS

    No, that's not what it means. WhatsApp provides encrypted messaging, SMS does not. The two are not the same.

    WhatsApp -- which uses the Signal protocol...

    Ah, now we come to it. If WhatsApp actually, faithfully implemented the Signal protocol, then it would be interoperable with Signal, as well as any other app that implements that protocol. Since they do, supposedly, use Signal as their base, all they have to do is remove their proprietary changes. Then they would then be compliant with the new law, problem solved.

    • by splutty ( 43475 )

      They can't implement the Signal protocol completely, because that would mean their ability to read all the 'end to end (HAHAHA)' encryption would disappear.

      • To be fair they'd lose a bit more than that.

        One biggie being easy history transfer to a new device, along with redelivery to new peer's device (meaning automagic reencryption, which makes their e2e claims dubious at best).

    • by Octorian ( 14086 )

      Ah, now we come to it. If WhatsApp actually, faithfully implemented the Signal protocol, then it would be interoperable with Signal, as well as any other app that implements that protocol

      No, it doesn't work like this.

      The Signal protocol has to do with session management, key exchanges, and how that blob of message ciphertext is generated and decoded.

      But how does that blob actually get sent from one phone to another?
      By being wrapped in a protocol that's completely proprietary to either Signal or WhatsApp.

      And what data does that blob contain once its decrypted?
      A message structure that's also a completely proprietary format to either Signal or WhatsApp.

      So yeah, being interoperable means implem

  • Civilian access to good encryption has always been a problem. The police cannot do its job without mass surveillance of the population. They can, but you know, they have become lazy, and this is easier. And if we catch a killer, or a low level street dealer, we want to have full access to their phones, and all their contacts. We would even like to have "expanded" access to their contact's data as well. No more dealing with warrants and such.

    So it is a "win-win". Civilians lose encryption, WhatsApp is vilifi

  • by jd ( 1658 )

    Let's say WhatsApp published the complete specifications for their encryption and supplied a BSD-licensed library for communicating with WhatsApp. The law is 100% complied with. Anyone can then interoperate with WhatsApp. What's more, security experts can verify that WhatsApp uses properly secured encryption. All this without weakening WhatsApp itself. You'd still have end-to-end encryption, as the apps would link to the library to do the decryption.

    Ok, could you do this via an intermediate service? Say, se

  • Is probably the real intent, a feature, not a bug. Of course who really believes that whatsapp can't read your messages? I find it difficult to believe such big companies are protecting your privacy

  • WhatsApp won't need to implement less secure encryption, they'd just need to publish an API/spec for 3rd party clients and/or networks to use. If Signal wanted to allow its users to communicate directly with WhatsApp's userbase, it would be up to Signal to do the work to make it happen. They would have to develop against the spec, including the encryption algorithms, to be compatible.

    Interoperability is good. Years ago we were headed down that path, Google chat/hangouts was using XMPP (Jabber) protocol,

  • PGP has existed and works across providers. Why is this a problem?
  • Each time an EU regulation comes out, we get a report on /. about how it was written by people with no clue and how it will cause destruction and despair. The latest times it happened, that I can remember:
    • everything eletronic should have crashed and burned because of tin whiskers after RoHS;
    • we shoud have become poorer (and be paying more for heating) because of the ban on incandescent light bulbs;
    • we also should have got poor because of the ban on giving away plastic bags at supermarkets;
    • all small web site
  • This legislation will not harm end-to-end encryption. If anything, it makes it more likely that services will implement it using free and open standards (e.g. double ratchet) in order to address GDPR issues which arise from complying. This is the same kind of scaremongering we had when the EU wanted services to scan what they had on their servers for illegal content. In neither case was any client-side backdoor required. All these pieces of legislation exist to create decent excuses for companies to cease
  • Apparently has no idea what multi-protocol clients were. They died painful death on account of Meta, Snapchat et al nuking alt client implementations from app storres (who are complicit) with extreme prejudice to guard their garden.

    The only notable exception is Telegram (Nekogram etc available on play store). Signal is sketchy, as Moxie is keen to talk a lot of bullshit, instead of opening signal GMS push to 3rd parties.

  • This argument sounds dishonest. He pretends the law says something totally different from what it says. The law says WhatsApp has to allow interoperability. He turns that into, "WhatsApp has to support every protocol anyone else uses, even insecure ones like SMS." No they don't. They just have to support some protocol that other people can support. He wants you to think end-to-end encryption is only possible if you keep the whole thing proprietary. That's absurd.

  • WhatsApp to WhatsApp would still be encrypted.
    Only WhatsApp to SMS would be unencrypted, and SMS is not encrypted anyway.
    And: you can not sent an SMS to an WhatsApp user, how the fuck would that be even possible?
    By writing: "Sent to WhatsApp" as first line of text?

    What with other text messaging programs? Does the sender now need to know what the other party is using as text messaging app/program?

    If I sent an SMS, the other party gets it at SMS, simple.

    • by shilly ( 142940 )

      I don't know what the point is you're trying to make, but the question is whether this legislation forces WhatsApp to allow third party apps to be able to send and receive WhatsApp messages, and specifically this is much less about someone using iMessage to send a message to someone else using WhatsApp, and much more more about someone using an app from an exciting new European startup whose potential is now unleashed to send or get a message to or from someone else using WhatsApp, and whether WhatsApp is a

God made the integers; all else is the work of Man. -- Kronecker

Working...